Banners Not Delivering over SSL

Owned by Andrew Hill (Unlicensed)
Last updated: May 26, 2017

On This Page:

Banners Not Delivering over SSL

A troubleshooting guide to help when banners will not deliver when using SSL (HTTPS).

 

Symptoms

Banners deliver over HTTP, but will not deliver over SSL (HTTPS).

Troubleshooting Process

Step 1: Check for HTML Banners with HTTP Content

Check for HTML banners that include content over HTTP, such as images, CSS files, etc. Whenever Revive Adserver attempts to deliver a banner over HTTPS, it will check potential banners that could be delivered, and exclude any that include content via HTTP.

This prevents content loaded via HTTP from being included on an HTTPS enabled page (which is presumably why HTTPS delivery is being used in the first place), as HTTP content on an HTTPS enabled page causes most browsers to display a warning to the user.

Update your HTML banners that need to be loaded via HTTPS to only include content via HTTPS.

Step 2: Check for HTTP to HTTPS Server Redirects (3xx) when using the Asynchronous JS Tag

If you are using the Asynchronous JS Tag for delivery, check to see if the issue is related to enforcing the use of SSL when the tag is being placed on an HTTP page.

The Asynchronous JS Tag automatically uses the same protocol (i.e. HTTP or HTTPS) as the page on which the tag is embedded. So, if you have an Asynchronous JS Tag placed on a page that is loaded using HTTP, then the Asynchronous JS Tag will automatically connect to your Revive Adserver instance using HTTP.

If, however, your Revive Adserver then returns an HTTP 3xx response code, indicating that the request needs to be redirected to use SSL, this will not work.

The Asynchronous JS Tag first calls Revive Adserver to retrieve data which is required to update the tag placeholder, so that the relevant banner can be loaded. For this to work, Revive Adserver returns some Cross-Origin Resource Sharing (CORS) headers.

However, most browsers will perform the request to the Asynchronous JS Tag as a CORS preflighted request. The specification for CORS forbids the processing of 3xx redirects. This means that an Asynchronous JS Tag embedded on an HTTP page must be able to access Revive Adserver's www/delivery/asyncjs.php script over HTTP.

If you have configured your webserver to enforce the use of SSL by redirecting requests over HTTP to HTTPS, then your options are:

  • Ensure that your Asynchronous JS Tag are only ever embedded on sites delivered using SSL;
  • Disable the redirection to SSL for the www/delivery/asyncjs.php script, so that this can be accessed via both HTTP and HTTPS; or
  • Use a different tag type.